Keeping Your Donor Data Secure...But Accessible

by Laurie Herrick, Mentor, JCamp 180

As more and more nonprofit organizations realize that a clean, up to date donor management database is crucial for managing effective outreach to alumni and gift tracking processes, it also brings other issues to the forefront. In an age when people are becoming more and more reticent about sharing their personal data, how do you ensure their data is safe and secure with your organization?

To help answer this question, JCamp 180 Mentor Laurie Herrick offered the following tips for maintaining secure, up to date donor and gift data:

1) Restrict Access - Not everyone should be able to edit and view all data in your donor management system (or excel file). Determine who has access to what data and communicate that access explicitly. If your system offers security restrictions to disallow edit and/or view access to particular types of data in the system, implement it.

  • Some (Board members, for example) can simply receive reports from the systems, rather than access the system directly.
  • Volunteers involved in cultivating and soliciting prospects should be given reports and standard forms for them to be fully prepared for discussions and also clearly document the outcomes and next steps of their meetings so that a staff member can enter the data into the system accurately.

2) Implement and Adhere to Standards - Defining and communicating clear Roles & Responsibilities is a necessary first step to ensuring your constituent data is secure. Additional data standards - what type of data each field should contain, how often it should be updated and by whom, etc. - should also be clearly documented and communicated to everyone who will be using the system.

3) Training - All staff that will be accessing the system should receive initial training, as well as clear documentation of the system and the organization's internal procedures and standards. Regular refresher training is also a best practice.

4) Confidentiality - Ensuring constituent data is confidential is of the upmost importance. Donors and prospects need to know that their data is being maintained as securely as possible. Anyone who will have access to constituent and gift data must be told explicitly that the data is not to be shared under any circumstance. Additionally, processes must be put in place to frequently change system passwords; if temps or volunteers or other staff members are no longer using the system, change their login and password so that they can no longer access the data.